Migrating the Google OpenLogin from OpenID 2 to OpenID Connect
Answer ID 7794   |   Last Review Date 12/18/2018

How can I implement Google's new OpenID Connect method?

Environment:

Oracle B2C Service August 2014 or newer using Customer Portal (CP) Framework v3.2 or newer and the OpenLogin Widget v1.1 or newer.

If your current Oracle B2C Service version is older than August 2014, please review Answer ID 1818: Overview of legacy Service Cloud update process.

If you need to migrate your CP Framework and/or widget from an older version, please review this answer and the product's manual.

Resolution:

Please follow the steps within the following guide to register your site with Google's OAuth and obtain a Client ID and a Client Secret:

Setting up OAuth 2.0

The redirect URI should match https://<interface>.custhelp.com/ci/openlogin/oauth/callback/google or https://<custom.domain>/ci/openlogin/oauth/callback/google

Using the obtained Client ID and Client Secret, fill out the GOOGLE_OAUTH_APP_ID and GOOGLE_OAUTH_APP_SECRET configuration verbs respectively within your interface.

In Google's Developer Console, make sure you have enabled the following two APIs:

  • APIs & Auth > Credentials > OAuth
  • APIs & Auth > APIs > Google+ API

Cause:

Since the 1st of May 2015, Google's old OpenID 2.0 login method has been shut down completely. In order to continue using Google as an OpenLogin provider, you will have to properly configure your Customer Portal to use the newer OpenID Connect (OAuth 2.0) method.

Notes:

If you receive a 400: Bad Request response when trying to log in, please review the "Set a redirect URI" section within this guide.
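The redirect URI given in the Resolution is the usual source of the 400: Bad Request response, so it is worth comparing the value registered with Google against the expected callback before testing a login. The script below is an added example, not Oracle's or Google's code; the function names, the placeholder host example.custhelp.com and the exact-string comparison are assumptions.

```python
from urllib.parse import urlsplit

# Callback path taken from this answer; the host is your interface or custom domain.
CALLBACK_PATH = "/ci/openlogin/oauth/callback/google"


def expected_redirect_uri(host):
    """Build the redirect URI this answer says to register for a given host."""
    return "https://" + host.strip().lower() + CALLBACK_PATH


def check_redirect_uri(registered, host):
    """Return the reasons `registered` differs from the expected URI ([] means match)."""
    expected = expected_redirect_uri(host)
    parts = urlsplit(registered)
    problems = []
    if parts.scheme != "https":
        problems.append("scheme is '%s', expected 'https'" % parts.scheme)
    if (parts.hostname or "") != host.strip().lower():
        problems.append("host is '%s', expected '%s'" % (parts.hostname, host.strip().lower()))
    if parts.path != CALLBACK_PATH:
        if parts.path.rstrip("/") == CALLBACK_PATH:
            problems.append("path has a trailing slash")
        elif parts.path.lower() == CALLBACK_PATH:
            problems.append("path differs in letter case")
        else:
            problems.append("path is '%s', expected '%s'" % (parts.path, CALLBACK_PATH))
    if parts.query or parts.fragment:
        problems.append("query string or fragment present")
    # Assumption: the provider compares the registered value as an exact string.
    if not problems and registered != expected:
        problems.append("not identical to '%s' (check case, port, whitespace)" % expected)
    return problems


if __name__ == "__main__":
    # Constructed sample values; 'example.custhelp.com' is a placeholder host.
    host = "example.custhelp.com"
    samples = [
        "https://example.custhelp.com/ci/openlogin/oauth/callback/google",
        "http://example.custhelp.com/ci/openlogin/oauth/callback/google",
        "https://example.custhelp.com/ci/openlogin/oauth/callback/google/",
        "https://example.custhelp.com/ci/openlogin/oauth/callback/Google",
        "https://www.example.com/ci/openlogin/oauth/callback/google",
    ]
    for uri in samples:
        result = check_redirect_uri(uri, host)
        print(uri, "->", "OK" if not result else "; ".join(result))
```

Replace the placeholder host with your interface or custom domain and paste in the redirect URIs listed for your OAuth client.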

If you receive a 401: Unauthorized response, please verify that the GOOGLE_OAUTH_APP_ID and GOOGLE_OAUTH_APP_SECRET configuration verbs have been configured properly. The App Secret will be encoded, thus unreadable.

If you still receive an error, please be sure that the Google account being used to authenticate (end-user) has a Google+ profile associated with it.